Snort mailing list archives
Snort RULES and Variables want to kill me!
From: "Jake Schneider" <j4k3 () charter net>
Date: Sun, 24 Aug 2003 18:45:00 -0500
Hello I have a rule set that wants to eat me, well actually it's probably more of my own misunderstanding than anything, but could anyone give me some insight in to my situation? I have in my snort.conf defined EXTERNAL_NET like this; var EXTERNAL_NET [!192.168.0.0/24,!192.168.1.0/24,!192.168.2.0] Yet when snort runs, it logs tons of alerts from broken NT4 domain controllers generating bogus alerts and spamming my logs with garbage. I was hoping that the above decleration of my external net would tell snort to ignore all those IP ranges and log everything else. My question is, how to I get my internal network to be disregarded to snort, and only focus on external alerts. Apparently I'm missing something. Jake Schneider jschneider () mscdata com (281)827-0896 http://www.mscdata.com/
Current thread:
- Snort RULES and Variables want to kill me! Jake Schneider (Aug 24)
- Re: Snort RULES and Variables want to kill me! Paul Schmehl (Aug 24)
- Re: Snort RULES and Variables want to kill me! Alessandro Salvatori (Aug 25)
- Re: Snort RULES and Variables want to kill me! sandr8 (Aug 26)
- Re: Snort RULES and Variables want to kill me! Paul Schmehl (Aug 24)